Re: [quicwg/base-drafts] Authenticating connection IDs (#3439)

Antoine Delignat-Lavaud <> Thu, 06 February 2020 16:05 UTC

There is also something interesting about the ODCID transport parameter. If no retry happens, then the DCID gets authenticated; however, if a retry does happen, then an attacker can tamper with the new SCID in the RETRY packet.

Also, our QUIPS paper is on ePrint, and section 3.4 has some relevant details.
